From Network World:
The FBI warns that attackers are targeting vulnerable FTP servers used by small medical and dental offices as a way to obtain medical records and other sensitive personal information.
FTP is an older protocol with known vulnerabilities, however many small medical dental practices are still using it. Fixing the issue, or even finding out if you are vulnerable is not a DIY project. Check with your IT professional for advice. It may be as simple as resetting the protocols on the server.
Whatever it takes to fix the issue will be far less costly than the potential HIPAA fines which easily run into six figures.